Security issues were identified and fixed in mozilla firefox andthunderbird:

Mozilla developers and community members identified and fixed severalmemory safety bugs in the browser engine used in Firefox 3.6 andother Mozilla-based products. Some of these bugs showed evidence ofmemory corruption under certain circumstances, and we presume thatwith enough effort at least some of these could be exploited to runarbitrary code (CVE-2011-2982).

Mozilla security researcher moz_bug_r_a_4 reported a vulnerability inevent management code that would permit JavaScript to be run in thewrong context, including that of a different website or potentiallyin a chrome-privileged context (CVE-2011-2981).

Security researcher regenrecht reported via TippingPoint's Zero DayInitiative that appendChild did not correctly account for DOM objectsit operated upon and could be exploited to dereference an invalidpointer (CVE-2011-2378).

Mozilla security researcher moz_bug_r_a4 reported that web contentcould receive chrome privileges if it registered for drop events and abrowser tab element was dropped into the content area (CVE-2011-2984).